General

  • Target

    829cadee0d03495a0fb24c959.exe

  • Size

    790KB

  • Sample

    230709-xvlv5sfc52

  • MD5

    829cadee0d03495a0fb24c959f11a1d0

  • SHA1

    016655462d6fe5340d1589e9f2e8e702c955184e

  • SHA256

    79281c19da4dcb0340c2f62b8ef029791a6f6772852ff45aa2108cdeae265b51

  • SHA512

    30f4960dfc0a38fbb0c24c3fea1ac38b16d74538a5610ab8d0fcc768f306dec4c579008089e53010aeecf3ce2792c2fbb63b64f655838582f5472279ff053262

  • SSDEEP

    24576:oLRlTv582gyB0OCJcdjtJcFxagh/3xO5fmCbz:oVZGMs0KwSOmCbz

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.68.70:19073

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • Target

      829cadee0d03495a0fb24c959.exe

    • Size

      790KB

    • MD5

      829cadee0d03495a0fb24c959f11a1d0

    • SHA1

      016655462d6fe5340d1589e9f2e8e702c955184e

    • SHA256

      79281c19da4dcb0340c2f62b8ef029791a6f6772852ff45aa2108cdeae265b51

    • SHA512

      30f4960dfc0a38fbb0c24c3fea1ac38b16d74538a5610ab8d0fcc768f306dec4c579008089e53010aeecf3ce2792c2fbb63b64f655838582f5472279ff053262

    • SSDEEP

      24576:oLRlTv582gyB0OCJcdjtJcFxagh/3xO5fmCbz:oVZGMs0KwSOmCbz

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks